package com.zx.mes.hyl.security.browser;

import com.zx.mes.hyl.security.core.authentication.FormAuthenticationConfig;
import com.zx.mes.hyl.security.core.authorize.AuthorizeConfigManager;
import com.zx.mes.hyl.security.core.properties.SecurityConstants;
import com.zx.mes.hyl.security.core.properties.SecurityProperties;
import com.zx.mes.hyl.security.core.validate.code.ValidateCodeProcessorManager;
import com.zx.mes.hyl.security.core.validate.code.ValidateCodeSecurityConfig;
import com.zx.mes.hyl.security.core.validate.code.filter.ValidateCodeFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * 浏览器环境下安全配置主类
 * @author hyl
 * @date 2018-5-31
 */
@Configuration
public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter{

    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private SecurityProperties securityProperties;

    @Autowired
    private AuthenticationFailureHandler longAuthenticationFailureHandler;

    @Autowired
    private ValidateCodeProcessorManager validateCodeProcessorManager;

    @Autowired
    private FormAuthenticationConfig formAuthenticationConfig;

    @Autowired
    private ValidateCodeSecurityConfig validateCodeSecurityConfig;

    @Autowired
    private AuthorizeConfigManager authorizeConfigManager;


    @Override
    protected void configure(HttpSecurity http) throws Exception {

        logger.info(securityProperties.getBrowser().getSignInPage());

//        ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();
//        validateCodeFilter.setAuthenticationFailureHandler(longAuthenticationFailureHandler);
//        validateCodeFilter.setSecurityProperties(securityProperties);
//        validateCodeFilter.setValidateCodeProcessorManager(validateCodeProcessorManager);
//        validateCodeFilter.afterPropertiesSet();

        formAuthenticationConfig.configure(http);

        /* 在所有的 security 拦截器前添加一个验证码校验拦截器 **/
        http.apply(validateCodeSecurityConfig)
                .and()
            .csrf().disable();

        authorizeConfigManager.config(http.authorizeRequests());

    }
}
